Keys Under Doormats: Mandating Insecurity by Requiring Government Access to All Data and Communications

Wednesday, January 27, 2016 - 9:00am-9:30am

Ron Rivest, Massachusetts Institute of Technology

Abstract: 

Twenty years ago, law enforcement organizations lobbied to require data and communication services to engineer their products to guarantee law enforcement access to all data. After lengthy debate and vigorous predictions of enforcement channels “going dark,” these attempts to regulate the emerging Internet were abandoned. In the intervening years, innovation on the Internet flourished, and law enforcement agencies found new and more effective means of accessing vastly larger quantities of data. Today we are again hearing calls for regulation to mandate the provision of exceptional access mechanisms. In this report, a group of computer scientists and security experts, many of whom participated in a 1997 study of these same topics, has convened to explore the likely effects of imposing extraordinary access mandates.

We have found that the damage that could be caused by law enforcement exceptional access requirements would be even greater today than it would have been 20 years ago. In the wake of the growing economic and social cost of the fundamental insecurity of today’s Internet environment, any proposals that alter the security dynamics online should be approached with caution. Exceptional access would force Internet system developers to reverse “forward secrecy” design practices that seek to minimize the impact on user privacy when systems are breached. The complexity of today’s Internet environment, with millions of apps and globally connected services, means that new law enforcement requirements are likely to introduce unanticipated, hard to detect security flaws. Beyond these and other technical vulnerabilities, the prospect of globally deployed exceptional access systems raises difficult problems about how such an environment would be governed and how to ensure that such systems would respect human rights and the rule of law.

Ron Rivest, Massachusetts Institute of Technology

Professor Rivest is an Institute Professor at MIT, a member of its Department of Electrical Engineering and Computer Science, a member of MIT's Computer Science and Artificial Intelligence Laboratory (CSAIL), a member of that lab's Theory of Computation Group and a leader of its Cryptography and Information Security Group.

He received a B.A. in Mathematics from Yale University in 1969, and a Ph.D. in Computer Science from Stanford University in 1974. His research interests include cryptography, computer and network security, algorithms, and voting system security.

Rivest is a co-inventor of the RSA public-key cryptosystem and has extensive experience in cryptographic design and cryptanalysis. He is also a founder of RSA Data Security and of Verisign. Together with Adi Shamir and Len Adleman, he received the 2002 ACM Turing Award.

He is also well known as a co-author of the text Introduction to Algorithms (with Cormen, Leiserson, and Stein).

He is a member of the National Academy of Engineering and the National Academy of Sciences, and is a Fellow of the Association for Computing Machinery, the International Association for Cryptographic Research, and the American Academy of Arts and Sciences. He is on the Advisory Board for the Electronic Privacy Information Center and on the board of Verified Voting.


BibTeX
@conference {206271,
author = {Ron Rivest},
title = {Keys Under Doormats: Mandating Insecurity by Requiring Government Access to All Data and Communications},
year = {2016},
address = {San Francisco, CA},
publisher = {USENIX Association},
month = jan
}
